Most Popular (1500 questions)

15 votes, 2 answers
Can a salt for a password hash be public?

From my understanding, salts in password hashes are used to prevent the precomputation of plaintext→hash values (rainbow tables). I know from different threads that it is unnecessary to keep the salt secret (i.e., it doesn't need to be encrypted),…

Asked by Chris
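
Added example, not part of the question or its answers: a password store in which the salt sits in the clear next to the hash, plus a check of why that costs nothing. PBKDF2-HMAC-SHA256, the iteration count, the 16-byte salt and the record layout are this example's choices, not anything from the question.

```python
"""Salted password storage with a public salt (added example)."""
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # OWASP's 2023 figure for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def kdf(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """The slow, salted hash. The salt is an input, not a secret."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)


def make_record(password: str) -> str:
    """Stored form: 'pbkdf2-sha256$<iterations>$<salt hex>$<hash hex>'.
    Every field in the record may be read by an attacker who steals the
    database; only the password itself is secret."""
    salt = secrets.token_bytes(SALT_BYTES)
    return "pbkdf2-sha256$%d$%s$%s" % (ITERATIONS, salt.hex(),
                                       kdf(password, salt).hex())


def verify(password: str, record: str) -> bool:
    """Read the public salt and iteration count back out of the record,
    recompute, and compare in constant time."""
    scheme, iters, salt_hex, hash_hex = record.split("$")
    if scheme != "pbkdf2-sha256":
        return False
    digest = kdf(password, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def table_built_for_other_salt_misses(password: str, record: str,
                                      other_record: str) -> bool:
    """Why a known salt still defeats precomputation: a password -> hash table
    computed under other_record's salt (which the attacker can read) yields
    the wrong value for record, so the full KDF cost is paid again per salt,
    i.e. per user, even when both users chose the same password."""
    other_salt = bytes.fromhex(other_record.split("$")[2])
    precomputed = kdf(password, other_salt)
    return precomputed.hex() != record.split("$")[3]
```

The salt's job is uniqueness per record, not secrecy: it only has to be unpredictable enough that an attacker could not have built the table before the database was stolen.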
15 votes, 1 answer
How does the secret key in an HMAC prevent modification of the HMAC?

Just as a preface: I'm not implementing an HMAC - I just want to understand it, as it is part of my Computer Science course. When using Hash-based message authentication codes, I understand that you need to protect the front and back of the MAC to…

Asked by user11184
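
Added example, not part of the question or its answers: the sender/receiver sides of an HMAC check, and what an attacker who can rewrite the message on the wire can and cannot do without the key. The key, the message and the forged message are constructed for the demonstration.

```python
"""HMAC versus an unkeyed checksum under message tampering (added example)."""
import hashlib
import hmac
import secrets

DEMO_KEY = secrets.token_bytes(32)   # constructed: shared by sender and receiver only
MSG = b'{"from":"alice","to":"bob","amount":10}'
FORGED = b'{"from":"alice","to":"mallory","amount":1000}'


def mac(key: bytes, msg: bytes) -> bytes:
    """Sender side: tag = HMAC-SHA256(key, msg)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Receiver side: recompute with the shared key, compare in constant time."""
    return hmac.compare_digest(mac(key, msg), tag)


def attacker_forgeries(old_tag: bytes, forged: bytes) -> list:
    """What an attacker holding only the wire traffic can attach to a
    modified message: the old tag replayed, a bare hash of the new message,
    or an HMAC under a key of their own. None of these was computed with
    the real key, so none will match the receiver's recomputation."""
    return [
        old_tag,
        hashlib.sha256(forged).digest(),
        hmac.new(b"guessed-key", forged, hashlib.sha256).digest(),
    ]


def unkeyed_checksum_is_forgeable(forged: bytes) -> bool:
    """Contrast case: if the 'MAC' were a plain SHA-256 of the message, the
    attacker recomputes it for the altered message and the receiver accepts."""
    receiver_accepts = lambda m, c: hashlib.sha256(m).digest() == c
    return receiver_accepts(forged, hashlib.sha256(forged).digest())


def keyed_tag_blocks_modification(key: bytes, msg: bytes, forged: bytes) -> bool:
    """Genuine (msg, tag) verifies; every keyless forgery for `forged` fails."""
    tag = mac(key, msg)
    genuine_ok = verify(key, msg, tag)
    forgeries_rejected = not any(verify(key, forged, f)
                                 for f in attacker_forgeries(tag, forged))
    return genuine_ok and forgeries_rejected
```

The key never travels with the message, so the receiver's recomputation is the only way to produce a matching tag; that is what turns a hash, which anyone can recompute, into an authentication code.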
15 votes, 3 answers
Are there other digital certificate formats than X.509?

Hi, I am a little new to security, but in researching digital certificates it seems the only format people describe is X.509. Are there other formats? If so, what are they and where can I find information on them?

Asked by user3137124
15 votes, 3 answers
A timestamping authority (digital notary)

Does there currently exist a free online service that accepts a file, hashes it, takes an authoritatively chosen timestamp (from one or more time services), signs these and sends this signed message back? E.g. a digital notary, but only with regards…

Asked by sshine
15 votes, 3 answers
Can we ensure the security of a crypto-algorithm and -implementation against acoustic cryptanalysis?

Like people always say: “Attacks only get worse…” — which is why I'm asking early. I have been reading the paper “RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis” published December 18, 2013 by Daniel Genkin, Adi Shamir, Eran…

Asked by e-sushi
15 votes, 1 answer
Impact of Ryan and Heninger's CRYPTO 2023 paper on post quantum cryptosystems

From Schneier's blog, which seems to have been written in response to a somewhat recent Quanta magazine article: The winner of the Best Paper Award at CRYPTO this year (2023) was a significant improvement to lattice-based cryptanalysis. So the…

Asked by kodlu
15 votes, 3 answers
Why does second pre-image resistance imply pre-image resistance

I am studying hash functions. I can understand why collision resistance implies second preimage resistance, but I don't get why second preimage resistance should imply first preimage resistance. Could anybody help me with this argument from…

Asked by juaninf
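
Added note, not part of the question or its answers: the standard reduction behind the implication, as given in textbooks and in Rogaway and Shrimpton's treatment of hash-function properties. It assumes $H$ compresses, say $H : \{0,1\}^m \to \{0,1\}^n$ with $m > n$; without that assumption the implication is false.

Let $A$ be an adversary against preimage resistance: given $y = H(x)$ for $x$ drawn uniformly from $\{0,1\}^m$, it returns $x'$ with $H(x') = y$ with probability $\epsilon$. Build a second-preimage adversary $B$: on input $x$, set $y = H(x)$, run $x' \leftarrow A(y)$, and output $x'$. Whenever $A$ succeeds and $x' \neq x$, $B$ has a second preimage, so

$$\Pr[B \text{ succeeds}] \;\ge\; \epsilon - \Pr[x' = x].$$

$A$ sees only $y$ and its own coins, so conditioned on $y$ the challenge $x$ is uniform over the fibre $H^{-1}(y)$ and $\Pr[x' = x \mid y] \le 1/|H^{-1}(y)|$. Averaging over the choice of $x$,

$$\Pr[x' = x] \;\le\; \sum_{y \in \mathrm{Im}(H)} \frac{|H^{-1}(y)|}{2^m} \cdot \frac{1}{|H^{-1}(y)|} \;=\; \frac{|\mathrm{Im}(H)|}{2^m} \;\le\; 2^{\,n-m},$$

hence

$$\mathrm{Adv}^{\mathrm{Sec}}(B) \;\ge\; \mathrm{Adv}^{\mathrm{Pre}}(A) - 2^{\,n-m},$$

a negligible loss once $m$ exceeds $n$ by a comfortable margin, and $B$ runs in essentially the time of $A$. Read contrapositively: if no efficient $B$ finds second preimages, no efficient $A$ finds preimages, which is the implication asked about. The compression assumption is essential: for a non-compressing $H$ such as the identity map on $\{0,1\}^n$, preimages are trivial to find yet no second preimage exists at all, so that $H$ is second-preimage resistant without being preimage resistant.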
15 votes, 5 answers
How can rainbow tables be used for a dictionary attack?

I'm putting together a password policy for my company. I very much want to avoid requiring complex passwords, and would much rather require length. The maximum length I can enforce is 14 characters. I can calculate that 14 random lower case…

Asked by Mitchell Kaplan
15 votes, 3 answers
Is the CBC weakness in XML Encryption a new discovery? Are other applications vulnerable?

The RUB in Germany reports that XML encryption is broken. This is essentially the W3C standard for protecting XML documents from prying eyes. Does this mean that an attacker can only see a single message, or that they can actually infer the…

Asked by makerofthings7
15 votes, 4 answers
Kyber and Dilithium explained to primary school students?

Kyber and Dilithium are post-quantum cryptographic designs, but the resources are hard to understand. Is it possible to explain those ciphers to children?

Asked by Flan1335
15 votes, 6 answers
Why do web-services tend to use preshared secret keys for client authentication instead of public keys?

Every API that I have ever signed up with gives you a secret key that you can then paste into your application. They know the key, and so do you. (The one exception may be VAPID for Web Push). Why is this the case? Some apps and protocols already…
15 votes, 1 answer
The death of isogeny-based cryptography?

Wouter Castryck and Thomas Decru recently broke SIDH. From the abstract: We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH), based on a "glue-and-split" theorem due to Kani. The referenced Kani…

Asked by Danial
14 votes, 5 answers
Cryptographically safe lookup of value in a set

I'm looking for an elegant solution to the might-seem-trivial problem of looking up a specific value in a known set of values without disclosing what value we look for. Let me describe it in a classical way: Alice will soon celebrate her birthday…

Asked by vnd
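
Added example, not part of the question or its answers: a Diffie-Hellman based private membership test, with both parties' messages spelled out. Alice holds one value and Bob holds a set; Alice learns only whether her value is in the set, and Bob learns nothing about her value. Assumptions made here: the RFC 3526 1536-bit MODP group (prime embedded below), a hash-to-group map that squares a SHA-256 output mod p, and string-valued items such as dates; none of this is from the question.

```python
"""DH-based private membership test (added example)."""
import hashlib
import secrets

# RFC 3526 group 5 (1536-bit MODP). It is a safe prime, so the quadratic
# residues form a subgroup of prime order q = (p - 1) / 2.
P = int("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF
""".replace(" ", "").replace("\n", ""), 16)
Q = (P - 1) // 2


def to_group(item: str) -> int:
    """Hash an item into the order-q subgroup: SHA-256 as an integer, squared mod p.
    (Hash-to-group choice made for this example.)"""
    h = int.from_bytes(hashlib.sha256(item.encode("utf-8")).digest(), "big")
    return pow(h, 2, P)


def random_exponent() -> int:
    return secrets.randbelow(Q - 1) + 1          # uniform in [1, q-1]


def alice_query(item: str):
    """Message 1, Alice -> Bob: H(x)^a for a fresh random a. The value is
    uniform in the subgroup, so Bob learns nothing about x from it."""
    a = random_exponent()
    return a, pow(to_group(item), a, P)


def bob_respond(blinded: int, items):
    """Message 2, Bob -> Alice: (H(x)^a)^b together with {H(s)^b : s in S}
    under a fresh b. Without b, Alice cannot test a guess s' against H(s)^b,
    so she learns nothing about Bob's set beyond the one membership bit."""
    b = random_exponent()
    return pow(blinded, b, P), {pow(to_group(s), b, P) for s in items}


def alice_finish(a: int, double_blinded: int, masked_set) -> bool:
    """Alice strips her own exponent: ((H(x)^a)^b)^(a^-1 mod q) = H(x)^b,
    then checks membership by plain equality. Equality holds exactly when
    Bob's set contains an s with H(s) = H(x)."""
    unblinded = pow(double_blinded, pow(a, -1, Q), P)
    return unblinded in masked_set


def private_membership(item: str, bob_items) -> bool:
    """Runs the whole exchange in one process for illustration."""
    a, msg1 = alice_query(item)
    msg2, masked = bob_respond(msg1, bob_items)
    return alice_finish(a, msg2, masked)
```

Bob's second message is linear in the size of his set, which is the usual cost of this construction; the per-item work is one modular exponentiation on each side. Security rests on the decisional Diffie-Hellman assumption in the subgroup, and the exponents a and b must be fresh per run, otherwise Bob can link Alice's queries to each other.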
14 votes, 7 answers
Generate Elliptic Curve Private Key from User Passphrase?

I'd like to generate a private elliptic curve key from user input like a passphrase. Is the best way to do this with a key derivation function like PBKDF2? Is there a better way? Edit (based upon @poncho's questions) To be specific, this is for a…

Asked by JP Richardson
14 votes, 1 answer
Why "1" in 51% attack on Blockchain network

In many sources, including Wikipedia, we read: Any pool that achieves 51% hashing power can effectively overturn network transactions, resulting in double-spending. My question is: Why do we talk about 51% attack? If my understanding is correct, we…

Asked by Manu NALEPA